THELMA SAMPSON
Information Security analyst
Palatine,Illinois
Summary
Extensive background and experience in Federal Information Security Management, IT infrastructures and ensuring secure design, and maintenance of large information systems, and data centers. Experience specializing in risk assessment, system controls, auditing policies and procedures, change management, testing and business processes verification and validation. A subject matter expert in the field of risk-based certification and accreditation using various flavors of the State, Federal, as well as International Cybersecurity frameworks (e.g. NIST RMF, FedRAMP, CMMC, Vendor Assessment, ISO 2700x etc.). Very knowledgeable of industry standards and proven track record of implementing the necessary controls to ensure compliance. Experienced in fast-paced environments and adaptable to last-minute changes. Thrives under pressure and consistently earns high marks for work quality and speed.
Overview
5
5
years of professional experience
1
1
Certification
Work History
Information Security Analyst
Zengen Group, LLC
05.2019 - Current
- Proficiently use Federal Certification and Accreditation (C&A) to develop, review and update SAP documents and accredit systems
- Developing, implementing, and coordinating security activities to ensure, protect and restore IT systems
- Develop and implement IT security policies and procedures to achieve regulatory compliance
- Identify and evaluate potential threats and vulnerabilities as well as proffer recommendations for mitigating identified risks
- Initiate Plan of Actions and Milestones" (POA&M) to help track the patching and remediation of identified security threats and weaknesses
- Document the baseline configuration system and updated polices and procedure document
- Develop and update SOP documents
- Analyze security incident
- Vulnerability report to ISSO
- Conduct periodic gap analysis reviews of the internal Information Security program using industry standards such as the National Institute of Standards (NIST)
- Develop and maintain a program of regularly scheduled network vulnerability assessments and reports
- Possess vast knowledge of industry standards and best practices, updates policies and procedures accordingly
- Manage the day-to-day operations of the data privacy program, including incident response, drafting privacy impact assessments, and managing data subject access requests
- Coordinate and work with program management office to support project planning activities, including drafting and maintaining robust project plans, documenting decisions and dependencies, and spotting and remediating potential gaps and weaknesses in program controls
- Work with cross-functional teams, including IT, human resources, contracts, and security to address potential compliance issues and achieve data privacy program initiatives and provide as-needed support to other programs within Ethics & Compliance
- Conducted security assessment interviews to determine the security posture of the system.
Information Security Analyst
House Of Alma (Retail)
- 03.2019
- Work effectively with other team members to complete required tasks
- Performing ongoing RMF/A&A/ATO projects in support of client security systems using NIST SP 800-37 Rev 1 as a guide
- Selecting and implementing applicable security controls (technical, operational and management) using NIST SP 800-53 Rev 4 as a guide
- Extensive knowledge of Categorizing Information Systems (using FIPS 199 and NIST SP 800-60 Vol 2 Rev 1 as a guide)
- Worked on AWS Cloud FedRAMP ATO package completed with a FedRAMP template
- Develop Remediation Plan
- Support IT Compliance and IT Audit effort
- Coordinate and communicate with system stakeholders as required to complete various A&A tasks
- Execute and assist in various assessment activities including A&A control assessment
- Coordinate and liaise with IT teams and advise on security requirements
- Provide guidance on industry on control requirements
- Conduct security assessment and advise on new project and initiative
- Schedule and engage with stakeholders to determine remediation timeline
- Support in updating and creation of standard and SOPs
- Prepare final security Assessment Report (SAR) containing the results and findings from the assessment
- Review security policy documents and make recommendations on documentation complaints
- Create and review SSP
- Augment internal audit and IT security resources to design, implement and test IT controls
- Work with system engineers to assemble accreditation packages, including SSP, SAR, POA&M etc
- Collect evidence to support implementation of system, baseline security controls and perform analysis on evidence to ensure compliance with the system security plan and risk management framework designs
- Monitored compliance with established standards
- Develop and maintain standards, policies, and associated security awareness documentation to ensure compliance with data privacy and information security regulations
- Partner with cross functional leaders to modify controls, identify risks, and institute processes that strengthen the overall security posture
- Provide IT compliance guidance and best practice information to application and infrastructure support teams
- Participate in multiple key initiatives to enhance IT Compliance
- Support internal and external audits related to, ISO, NIST controls compliance
- Review legal and regulatory bulletins and requirements pertaining to the Cybersecurity program and maintain processes to keep leadership apprised of possible compliance risks impacting the company
- Assist in walkthroughs and control testing in accordance with compliance guidelines
- Evaluate control gaps and document findings in the form of corrective action plans
- Work closely with process owners to identify the root cause of test failures, ensure corrective action plans fully remediate control gaps, and communicate test failures to all relevant stakeholders
- Conduct routine audits and analyses
- Perform other duties as assigned.
Education
Bachelor of Science Project Management -
University of Cape Coast
Skills
- FedRAMP
- NIST
- Vulnerability Management
- Analysis and Reporting
- Detail-oriented
- IT Security Policies
- Risk assessments
- Security Audits
- Security Consulting
- Control Assessor
- ISO 27001
- Third Party Risk Assessment
- CMMC
- EPIC
- Leadership
- Support Specialist and Analyst
- IT Support
- Help Desk
- Risk Management
- CyberArk
- Critical Thinking Skills
- Network Security
- Incident Response
- Reporting and documentation
- Best Practices Implementation
- Information Auditing
- Managing security breaches
- Regulatory Compliance
- Monitoring computer viruses
- Telecommunications Systems
- Threat Detection
- Operational Improvements
- Cybersecurity Policy Development
Certification
CompTIA Security
Languages
French
Elementary
English
Native/ Bilingual
Work Availability
monday
tuesday
wednesday
thursday
friday
saturday
sunday
morning
afternoon
evening
swipe to browse
Timeline
Information Security Analyst
Zengen Group, LLC
05.2019 - Current
Information Security Analyst
House Of Alma (Retail)
- 03.2019
Bachelor of Science Project Management -
University of Cape Coast
Similar Profiles
Mark AveretteMark Averette
Vice President of Distribution at Premier Brands Group, LLC., One Jeanswear GroupVice President of Distribution at Premier Brands Group, LLC., One Jeanswear Group
Marc Joel ST LOUISMarc Joel ST LOUIS
Senior Mint Operator at MTB LLC. A Minting Company, Bullion International Group, MTB LLCSenior Mint Operator at MTB LLC. A Minting Company, Bullion International Group, MTB LLC
Joi Morgason OylerJoi Morgason Oyler
Licensed Realtor/ Lawn Care Business Owner at Premium Realty Group LLC / Lawns R Us LLCLicensed Realtor/ Lawn Care Business Owner at Premium Realty Group LLC / Lawns R Us LLC
Zack HughesZack Hughes
Grocery/Frozen lead associate at Mariano'sGrocery/Frozen lead associate at Mariano's
Amanda June SchumacherAmanda June Schumacher
Assistant Wellness Director at StoryPoint Senior LivingAssistant Wellness Director at StoryPoint Senior Living